There seems to be no end to the bad news about Indian government website vulnerabilities. What can the government do to better protect citizens' data? For starters, they should promptly pay attention to warnings from local security researchers.

Latest

A recent alert from the Department of Homeland Security warning of vulnerabilities in certain medical imaging products from GE Healthcare is a reminder to other medical device makers and healthcare entities about the risks posed by hardcoded and default credentials.

Facebook is under fire after reports suggested data-mining firm Cambridge Analytica obtained private information on 50 million Facebook users. The social network contends that it didn't suffer a "breach," saying the information was legally obtained but subsequently misused.

To help identify and mitigate the next generation of Spectre and Meltdown speculative execution flaws in CPUs, Microsoft and Intel are offering researchers up to $250,000 if they share their discoveries as part of a coordinated vulnerability disclosure program.

The FBI has arrested the CEO of the Canadian smartphone service Phantom Secure on charges that he and four other suspects ran an encrypted telecommunications service used by more than 20,000 customers to facilitate illegal activities, including international shipments of cocaine and other drugs.

Leading the latest edition of the ISMG Security Report: The Trump administration sanctions Russian organizations and individuals over U.S. election interference, the NotPetya campaign and energy sector hacks. Also featured: A deep dive into the use of so-called active defense.

The PCI Security Standards Council is offering 40 percent lower fees for participating organizations in nations with lower-income economies. "We want to encourage countries in Africa and South Asia to get engaged with us," Jeremy King, international director at PCI SSC, tells ISMG in an exclusive interview.

The Securities and Exchange Commission and the Department of Justice have both charged Jun Ying, a former CIO at data broker Equifax, with engaging in illegal insider trading after he determined that his employer had suffered a massive breach.

A U.S. power company, unnamed by regulators, has been fined a record $2.7 million for violating energy sector cybersecurity regulations after sensitive data - including cryptographic information for usernames and passwords - was exposed online for 70 days.

A set of vulnerabilities in AMD chipsets that gives attackers enduring persistence on machines appears to be legitimate. But experts are questioning the motivations of the Israeli security company that found the flaws, contending it ambushed AMD to maximize attention.

President Donald Trump has blocked a bid by Singapore's Broadcom to acquire U.S. chipmaker Qualcomm on the grounds that it could impact national security, including the United States' ability to help shape future mobile telephony standards.

A federal judge has largely rejected a motion by Verizon to dismiss a class-action lawsuit filed by victims of three data breaches that compromised Yahoo, which is now part of Verizon. The Yahoo breaches appeared to have compromised nearly every Yahoo user's personal details at least once.

To the surprise of many, $120 million allocated by Congress since late 2016 to help the State Department combat foreign governments' U.S.-focused propaganda and disinformation campaigns hasn't been spent. Meanwhile, midterm U.S. elections are fast approaching.